Restricting HTML injection

How to avoid html injection in node red default nodes.

Can you expand on this?

I assume you mean the node-red-dashboard nodes (not the core nodes built into node-red?

Please provide a demo or detail what you believe the issue to be?